Preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank
Preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank, including during startup of the computing system: determining whether the computing system is attempting to use firmware in the backup memory bank; responsive to determining that the computing system is attempting to use firmware in the backup memory bank, determining whether the firmware in the backup memory bank is a previous version of firmware in the primary memory bank; responsive to determining that the firmware in the backup memory bank is a previous version of firmware in the primary memory bank, determining whether a system administrator has authorized the use of the firmware in the backup memory bank; and responsive to determining that the system administrator has authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the backup memory bank.
Latest Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Patents:
- Virtual on-demand internet connectivity for management controllers
- Optimizing waste heat recovery and return water temperature using dynamic flow control based on server power profiles and cooling capacity of servers
- Shared memory workloads using existing network fabrics
- Intelligent multi-path call home
- Analytics-based anomaly detection
1. Field of the Invention
The field of the invention is data processing, or, more specifically, methods, apparatus, and products for preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank.
2. Description of Related Art
Modern computing systems may be subjected to attacks from a hacker, a malicious program, or another entity that is typically remote relative to the computing system. One form of such attacks is a rollback attack. A rollback attack is typically performed by updating to older level firmware/software with known vulnerabilities. Rollback attacks on firmware can be done by leveraging a backup bank feature that is supported in some servers and other computing devices. In server firmware implementations, a backup bank is typically used to keep a good copy of the code. This backup code is used, for example, for auto-recovery. If a system has older level of code in the backup bank, however, a rollback attack can occur by simply switching to the backup bank during startup of the system.
SUMMARY OF THE INVENTIONMethods, apparatuses, and products for preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank, including during startup of the computing system: determining, by an attack prevention module, whether the computing system is attempting to use firmware in the backup memory bank; responsive to determining that the computing system is attempting to use firmware in the backup memory bank, determining, by the attack prevention module, whether the firmware in the backup memory bank is a previous version of firmware in the primary memory bank; responsive to determining that the firmware in the backup memory bank is a previous version of firmware in the primary memory bank, determining, by the attack prevention module, whether a system administrator has authorized the use of the firmware in the backup memory bank; and responsive to determining that the system administrator has authorized the use of the firmware in the backup memory bank, configuring, by the attack prevention module, the computing system to utilize the firmware in the backup memory bank.
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of example embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts of example embodiments of the invention.
Example methods, apparatuses, and products for preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank in accordance with the present invention are described with reference to the accompanying drawings, beginning with
In the example of
Stored in the firmware (222) of the primary memory bank (218) is an attack prevention module (202), a module of computer program instructions improved for preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank according to embodiments of the present invention. A rollback attack, as the term is used here, represents a form of attack directed to a computing system (152) in which the version of firmware utilized by the computing system (152) is ‘rolled back’ to a previous version such that security holes in the previous version of the firmware may be exploited.
The attack prevention module (202) of
The attack prevention module (202) of
Readers will appreciate that although the firmware (222) in the primary memory bank (218) is depicted as including attack prevention module (202), the inclusion of the attack prevention module (202) in the firmware (222) in the primary memory bank (218) does not prohibit the firmware (224) in the backup memory bank (220) from being the same version as the firmware (222) in the primary memory bank (218). Stated differently, both the firmware (224) in the backup memory bank (220) and the firmware (222) in the primary memory bank (218) may have the same version number and otherwise include identical features and functionality, with the attack prevention module (202) added as an extension to the firmware (222) in the primary memory bank (218). In some embodiments, the attack prevention module (202) may be added as an extension to the firmware (222) in the primary memory bank (218) by separating the attack prevention module (202) from the firmware (222) in the primary memory bank (218) and executing the code contained in the attack prevention module (202) prior to utilizing the firmware (222) in the primary memory bank (218).
The attack prevention module (202) of
The attack prevention module (202) of
The computing system (152) of
The computing system (152) of
The example computing system (152) of
The example computing system (152) of
For further explanation,
In the example method of
The example method of
The attack prevention module (202) of
The example method of
The example method of
The example method of
The example method of
For further explanation,
The example method of
In the example method of
In the example method of
In the example method of
For further explanation,
The steps depicted in
The method of
The method of
In the example method of
Readers will appreciate that after the system administrator is prompted (408) to authorize the use of the firmware (224) in the backup memory bank (220), startup of the computing system (200) begins (402). In such a way, if the system administrator has authorized the use of the firmware (224) in the backup memory bank (220), the computing system may reboot using the firmware (224) in the backup memory bank (220). If the system administrator has not authorized the use of the firmware (224) in the backup memory bank (220)—indicating the request to utilize the firmware (224) in the backup memory bank (220) was initiated by a malicious program or other entity that is not a system administrator—attempting to reboot computing system using the firmware (224) in the backup memory bank (220) will fail at step 212, and the computing system will be rebooted using the firmware (222) in the primary memory bank (218) as depicted in
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
Aspects of the present invention are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be understood from the foregoing description that modifications and changes may be made in various embodiments of the present invention without departing from its true spirit. The descriptions in this specification are for purposes of illustration only and are not to be construed in a limiting sense. The scope of the present invention is limited only by the language of the following claims.
Claims
1. A method comprising:
- receiving a request to utilize firmware in a backup memory bank of a computer system;
- prompting a system administrator to authorize the use of the firmware in the backup memory bank;
- restarting the computer system;
- during startup of the computing system and prior to utilizing firmware in a primary memory bank and the firmware in the backup memory bank: determining whether the computing system is attempting to use firmware in the backup memory bank; responsive to determining that the computing system is attempting to use firmware in the backup memory bank, determining whether the firmware in the backup memory bank is a previous version of firmware in a primary memory bank; responsive to determining that the firmware in the backup memory bank is a previous version of firmware in the primary memory bank, determining whether a system administrator has authorized the use of the firmware in the backup memory bank, wherein determining whether the system administrator has authorized the use of the firmware in the backup memory bank comprises determining whether the system administrator provided consent in response to the prompting the system administrator to authorize the use of the firmware in the backup memory bank; responsive to determining that the system administrator has authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the backup memory bank; and responsive to determining that the system administrator has not authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the primary memory bank.
2. The method of claim 1 further comprising, responsive to determining that the computing system is not attempting to use firmware in the backup memory bank, configuring the computing system to utilize the firmware in the primary memory bank.
3. The method of claim 1 further comprising, responsive to determining that the firmware in the backup memory bank is not a previous version of firmware in the primary memory bank, configuring, by the attack prevention module, the computing system to utilize the firmware in the backup memory bank.
4. The method of claim 1 wherein prompting the system administrator to authorize the use of the firmware in the backup memory bank further comprises prompting the system administrator to assert a physical presence detector of the computing system.
5. An apparatus comprising a computing system, a primary memory bank, a backup memory bank, a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
- receiving a request to utilize firmware in the backup memory bank of the computer system;
- prompting a system administrator to authorize the use of the firmware in the backup memory bank;
- restarting the computer system;
- during startup of the computing system and prior to utilizing firmware in a primary memory bank and the firmware in the backup memory bank: determining whether the computing system is attempting to use firmware in the backup memory bank; responsive to determining that the computing system is attempting to use firmware in the backup memory bank, determining whether the firmware in the backup memory bank is a previous version of firmware in a primary memory bank; responsive to determining that the firmware in the backup memory bank is a previous version of firmware in the primary memory bank, determining whether a system administrator has authorized the use of the firmware in the backup memory bank, wherein determining whether the system administrator has authorized the use of the firmware in the backup memory bank comprises determining whether the system administrator provided consent in response to the prompting the system administrator to authorize the use of the firmware in the backup memory bank; responsive to determining that the system administrator has authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the backup memory bank; and responsive to determining that the system administrator has not authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the primary memory bank.
6. The apparatus of claim 5 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the step of, responsive to determining that the computing system is not attempting to use firmware in the backup memory bank, configuring the computing system to utilize the firmware in the primary memory bank.
7. The apparatus of claim 5 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the step of, responsive to determining that the firmware in the backup memory bank is not a previous version of firmware in the primary memory bank, configuring the computing system to utilize the firmware in the backup memory bank.
8. The apparatus of claim 5 wherein prompting the system administrator to authorize the use of the firmware in the backup memory bank further comprises prompting the system administrator to assert a physical presence detector of the computing system.
9. A computer program product including a computer readable storage medium, wherein the computer readable storage medium is not a signal, the computer program product comprising computer program instructions that, when executed, cause a computer to carry out the steps of:
- receiving a request to utilize firmware in a backup memory bank of a computer system;
- prompting a system administrator to authorize the use of the firmware in the backup memory bank;
- restarting the computer system;
- during startup of the computing system and prior to utilizing firmware in a primary memory bank and the firmware in the backup memory bank: determining whether the computing system is attempting to use firmware in the backup memory bank; responsive to determining that the computing system is attempting to use firmware in the backup memory bank, determining whether the firmware in the backup memory bank is a previous version of firmware in a primary memory bank; responsive to determining that the firmware in the backup memory bank is a previous version of firmware in the primary memory bank, determining whether a system administrator has authorized the use of the firmware in the backup memory bank, wherein determining whether the system administrator has authorized the use of the firmware in the backup memory bank comprises determining whether the system administrator provided consent in response to the prompting the system administrator to authorize the use of the firmware in the backup memory bank; responsive to determining that the system administrator has authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the backup memory bank; and responsive to determining that the system administrator has not authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the primary memory bank.
10. The computer program product of claim 9 further comprising computer program instructions that, when executed, cause the computer to carry out the step of, responsive to determining that the computing system is not attempting to use firmware in the backup memory bank, configuring the computing system to utilize the firmware in the primary memory bank.
11. The computer program product of claim 9 further comprising computer program instructions that, when executed, cause the computer to carry out the step of, responsive to determining that the firmware in the backup memory bank is not a previous version of firmware in the primary memory bank, configuring the computing system to utilize the firmware in the backup memory bank.
12. The computer program product of claim 9 wherein prompting the system administrator to authorize the use of the firmware in the backup memory bank further comprises prompting the system administrator to assert a physical presence detector of the computing system.
13. The method of claim 1 wherein prompting the system administrator to authorize the use of the firmware in the backup memory bank further comprises prompting the system administrator over a secure connection to the computer system.
14. The apparatus of claim 5 wherein prompting the system administrator to authorize the use of the firmware in the backup memory bank further comprises prompting the system administrator over a secure connection to the computer system.
15. The computer program product of claim 9 wherein prompting the system administrator to authorize the use of the firmware in the backup memory bank further comprises prompting the system administrator over a secure connection to the computer system.
5825880 | October 20, 1998 | Sudia |
7907729 | March 15, 2011 | Morrow et al. |
8041988 | October 18, 2011 | Tarra et al. |
8627407 | January 7, 2014 | Satish |
20020013898 | January 31, 2002 | Sudia |
20020152396 | October 17, 2002 | Fox et al. |
20030115469 | June 19, 2003 | Shippy et al. |
20050132351 | June 16, 2005 | Randall et al. |
20050188366 | August 25, 2005 | Chang |
20080047016 | February 21, 2008 | Spoonamore |
20080195868 | August 14, 2008 | Asokan et al. |
20090019551 | January 15, 2009 | Haga et al. |
20090217341 | August 27, 2009 | Sun et al. |
20090271603 | October 29, 2009 | Wang |
20110123024 | May 26, 2011 | Morrow et al. |
20130160084 | June 20, 2013 | Hansen |
20140007071 | January 2, 2014 | Chang et al. |
20140130151 | May 8, 2014 | Krishnamurthy et al. |
20140282827 | September 18, 2014 | Mitchell |
20140317612 | October 23, 2014 | Ayanam et al. |
1591363 | March 2005 | CN |
102238001 | November 2011 | CN |
1300765 | April 2003 | EP |
- Reynolds, J., et al., “On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-And-Test, and Generalization”, Proceedings of the 36th Annual Hawaii International Conference (HICSS'03), Jan. 6-9, 2003, pp. 1-8, IEEE Computer Society Washington, DC, USA.
Type: Grant
Filed: Nov 15, 2013
Date of Patent: Sep 20, 2016
Patent Publication Number: 20150143163
Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd. (Singapore)
Inventors: Shiva R. Dasari (Austin, TX), Raghuswamyreddy Gundam (Austin, TX)
Primary Examiner: Amare F Tabor
Application Number: 14/081,008
International Classification: G06F 7/04 (20060101); G06F 11/14 (20060101); G06F 9/445 (20060101); G06F 21/00 (20130101); G06F 21/57 (20130101);